What does it mean if a password has appeared in an external data breach?

When setting or resetting your CommSec password, you may see a message telling you that your proposed password has appeared in a data breach. This means that the password has appeared on a list of passwords that were stolen from one or more websites or digital businesses globally. The password may have been used by somebody for a completely different digital service, but because it has been published online as part of a list of passwords that have been involved in a data breach, it is no longer considered a secure password to use.

If you see this message, it does not mean that your CommSec account has been compromised.

How does CommSec know whether a password has been breached?

There are millions of passwords used by people around the internet, and unfortunately, there have been various instances where hackers have stolen user IDs and passwords from certain websites or digital businesses. Sometimes, these ID and password details are published online for other hackers to try and use.

In response to these security issues, there are now databases that monitor data breaches so that individuals and legitimate businesses can tell whether a particular username or password has been involved in a data breach.

When you’re choosing a password for your CommSec account, our system will check whether your proposed password has appeared in one of the databases of breached passwords from people and businesses around the globe. If it has been breached, we’ll ask you to come up with a new one for your own security.

Unfortunately, combinations of common words and numbers often appear in the database of breached passwords. As such, you may need to use a more complex combination of letters and numbers.

Has my CommSec account been compromised?

No. If the password has been involved in a data breach this doesn’t mean that your CommSec account has been compromised. However, it could increase the chance of your account becoming compromised, because the password that you’ve used has appeared on a list of breached passwords.

What should I do?

If you use this password for other online accounts or services, you should consider changing it. We recommend choosing a strong combination of letters, numbers, and symbols.

 

© Commonwealth Securities Limited ABN 60 067 254 399 AFSL 238814 (CommSec) is a wholly owned but non-guaranteed subsidiary of the Commonwealth Bank of Australia ABN 48 123 123 124 AFSL 234945. CommSec is a Market Participant of ASX Limited and Cboe Australia Pty Limited, a Clearing Participant of ASX Clear Pty Limited and a Settlement Participant of ASX Settlement Pty Limited.

The information on this page has been prepared without taking into account your objectives, financial situation or needs. For this reason, any individual should, before acting on this information, consider the appropriateness of the information, having regards to their objectives, financial situation or needs, and, if necessary, seek appropriate professional advice.

CommSec does not give any representation or warranty as to the accuracy, reliability or completeness of any content on this page, including any third party sourced data, nor does it accept liability for any errors or omissions.

Top